accounts_umask_* checks are referencing the wrong variables.
Brian Millett (1):
RHEL6/input/system/accounts/session.xml only references the variable "var_accounts_user_umask" so the checkes defined in RHEL6/input/checks/accounts_umask* error doing an evaluation.
This patch is to have the RHEL6/input/checks/accounts_umask* reference the same variable referenced in RHEL6/input/system/accounts/session.xml
RHEL6/input/checks/accounts_umask_bashrc.xml | 4 ++-- RHEL6/input/checks/accounts_umask_cshrc.xml | 4 ++-- RHEL6/input/checks/accounts_umask_etc_profile.xml | 4 ++-- RHEL6/input/checks/accounts_umask_login_defs.xml | 4 ++-- 4 files changed, 8 insertions(+), 8 deletions(-)
var_acocunts_umask_bashrc referenced in accounts_umask_bashrc.xml var_accounts_umask_cshrc referenced in accounts_umask_cshrc.xml var_accounts_umask_etc_profile referenced in accounts_umask_etc_profile.xml var_accounts_umask_login_defs referenced in accounts_umask_login_defs.xml
to match the same var in the oval checks, var_accounts_user_umask
At least it is now checking and not erroring out.
Signed-off-by: Brian Millett bmillett@gmail.com --- RHEL6/input/checks/accounts_umask_bashrc.xml | 4 ++-- RHEL6/input/checks/accounts_umask_cshrc.xml | 4 ++-- RHEL6/input/checks/accounts_umask_etc_profile.xml | 4 ++-- RHEL6/input/checks/accounts_umask_login_defs.xml | 4 ++-- 4 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/RHEL6/input/checks/accounts_umask_bashrc.xml b/RHEL6/input/checks/accounts_umask_bashrc.xml index 2422fba..3857f4c 100644 --- a/RHEL6/input/checks/accounts_umask_bashrc.xml +++ b/RHEL6/input/checks/accounts_umask_bashrc.xml @@ -18,9 +18,9 @@ <ind:state state_ref="state_accounts_umask_bashrc" /> </ind:textfilecontent54_test> <ind:textfilecontent54_state id="state_accounts_umask_bashrc" version="1"> - <ind:subexpression operation="equals" var_check="all" var_ref="var_accounts_umask_bashrc" /> + <ind:subexpression operation="equals" var_check="all" var_ref="var_accounts_user_umask" /> </ind:textfilecontent54_state> - <external_variable comment="umask for user shell" datatype="string" id="var_accounts_umask_bashrc" version="1" /> + <external_variable comment="umask for user shell" datatype="string" id="var_accounts_user_umask" version="1" /> <ind:textfilecontent54_object id="obj_accounts_umask_bashrc" version="1"> ind:path/etc</ind:path> ind:filenamebashrc</ind:filename> diff --git a/RHEL6/input/checks/accounts_umask_cshrc.xml b/RHEL6/input/checks/accounts_umask_cshrc.xml index be2c77b..bdafcb2 100644 --- a/RHEL6/input/checks/accounts_umask_cshrc.xml +++ b/RHEL6/input/checks/accounts_umask_cshrc.xml @@ -19,9 +19,9 @@ <ind:state state_ref="state_accounts_umask_cshrc" /> </ind:textfilecontent54_test> <ind:textfilecontent54_state id="state_accounts_umask_cshrc" version="1"> - <ind:subexpression operation="equals" var_check="all" var_ref="var_accounts_umask_cshrc" /> + <ind:subexpression operation="equals" var_check="all" var_ref="var_accounts_user_umask" /> </ind:textfilecontent54_state> - <external_variable comment="umask for user shell" datatype="string" id="var_accounts_umask_cshrc" version="1" /> + <external_variable comment="umask for user shell" datatype="string" id="var_accounts_user_umask" version="1" /> <ind:textfilecontent54_object id="obj_accounts_umask_cshrc" version="1"> ind:path/etc</ind:path> ind:filenamecsh.cshrc</ind:filename> diff --git a/RHEL6/input/checks/accounts_umask_etc_profile.xml b/RHEL6/input/checks/accounts_umask_etc_profile.xml index 107e68b..4125baa 100644 --- a/RHEL6/input/checks/accounts_umask_etc_profile.xml +++ b/RHEL6/input/checks/accounts_umask_etc_profile.xml @@ -22,9 +22,9 @@ <ind:state state_ref="state_accounts_umask_etc_profile" /> </ind:textfilecontent54_test> <ind:textfilecontent54_state id="state_accounts_umask_etc_profile" version="1"> - <ind:subexpression operation="equals" var_check="all" var_ref="var_accounts_umask_etc_profile" /> + <ind:subexpression operation="equals" var_check="all" var_ref="var_accounts_user_umask" /> </ind:textfilecontent54_state> - <external_variable comment="user umask" datatype="string" id="var_accounts_umask_etc_profile" version="1" /> + <external_variable comment="user umask" datatype="string" id="var_accounts_user_umask" version="1" /> <ind:textfilecontent54_object id="obj_accounts_umask_etc_profile" version="1"> ind:path/etc</ind:path> diff --git a/RHEL6/input/checks/accounts_umask_login_defs.xml b/RHEL6/input/checks/accounts_umask_login_defs.xml index bb77059..8e19cbf 100644 --- a/RHEL6/input/checks/accounts_umask_login_defs.xml +++ b/RHEL6/input/checks/accounts_umask_login_defs.xml @@ -20,9 +20,9 @@ <ind:state state_ref="state_accounts_umask_login_defs" /> </ind:textfilecontent54_test> <ind:textfilecontent54_state id="state_accounts_umask_login_defs" version="1"> - <ind:subexpression operation="equals" var_check="all" var_ref="var_accounts_umask_login_defs" /> + <ind:subexpression operation="equals" var_check="all" var_ref="var_accounts_user_umask" /> </ind:textfilecontent54_state> - <external_variable comment="user umask" datatype="string" id="var_accounts_umask_login_defs" version="1" /> + <external_variable comment="user umask" datatype="string" id="var_accounts_user_umask" version="1" /> <ind:textfilecontent54_object id="obj_accounts_umask_login_defs" version="1"> ind:path/etc</ind:path> ind:filenamelogin.defs</ind:filename>
On 6/10/13 12:26 PM, Brian Millett wrote:
var_acocunts_umask_bashrc referenced in accounts_umask_bashrc.xml var_accounts_umask_cshrc referenced in accounts_umask_cshrc.xml var_accounts_umask_etc_profile referenced in accounts_umask_etc_profile.xml var_accounts_umask_login_defs referenced in accounts_umask_login_defs.xml
to match the same var in the oval checks, var_accounts_user_umask
At least it is now checking and not erroring out.
Signed-off-by: Brian Millett bmillett@gmail.com
RHEL6/input/checks/accounts_umask_bashrc.xml | 4 ++-- RHEL6/input/checks/accounts_umask_cshrc.xml | 4 ++-- RHEL6/input/checks/accounts_umask_etc_profile.xml | 4 ++-- RHEL6/input/checks/accounts_umask_login_defs.xml | 4 ++-- 4 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/RHEL6/input/checks/accounts_umask_bashrc.xml b/RHEL6/input/checks/accounts_umask_bashrc.xml index 2422fba..3857f4c 100644 --- a/RHEL6/input/checks/accounts_umask_bashrc.xml +++ b/RHEL6/input/checks/accounts_umask_bashrc.xml @@ -18,9 +18,9 @@ <ind:state state_ref="state_accounts_umask_bashrc" /> </ind:textfilecontent54_test> <ind:textfilecontent54_state id="state_accounts_umask_bashrc" version="1">
- <ind:subexpression operation="equals" var_check="all" var_ref="var_accounts_umask_bashrc" />
- <ind:subexpression operation="equals" var_check="all" var_ref="var_accounts_user_umask" /> </ind:textfilecontent54_state>
<external_variable comment="umask for user shell" datatype="string" id="var_accounts_umask_bashrc" version="1" />
<external_variable comment="umask for user shell" datatype="string" id="var_accounts_user_umask" version="1" /> <ind:textfilecontent54_object id="obj_accounts_umask_bashrc" version="1"> <ind:path>/etc</ind:path> <ind:filename>bashrc</ind:filename>
diff --git a/RHEL6/input/checks/accounts_umask_cshrc.xml b/RHEL6/input/checks/accounts_umask_cshrc.xml index be2c77b..bdafcb2 100644 --- a/RHEL6/input/checks/accounts_umask_cshrc.xml +++ b/RHEL6/input/checks/accounts_umask_cshrc.xml @@ -19,9 +19,9 @@ <ind:state state_ref="state_accounts_umask_cshrc" /> </ind:textfilecontent54_test> <ind:textfilecontent54_state id="state_accounts_umask_cshrc" version="1">
- <ind:subexpression operation="equals" var_check="all" var_ref="var_accounts_umask_cshrc" />
- <ind:subexpression operation="equals" var_check="all" var_ref="var_accounts_user_umask" /> </ind:textfilecontent54_state>
<external_variable comment="umask for user shell" datatype="string" id="var_accounts_umask_cshrc" version="1" />
<external_variable comment="umask for user shell" datatype="string" id="var_accounts_user_umask" version="1" /> <ind:textfilecontent54_object id="obj_accounts_umask_cshrc" version="1"> <ind:path>/etc</ind:path> <ind:filename>csh.cshrc</ind:filename>
diff --git a/RHEL6/input/checks/accounts_umask_etc_profile.xml b/RHEL6/input/checks/accounts_umask_etc_profile.xml index 107e68b..4125baa 100644 --- a/RHEL6/input/checks/accounts_umask_etc_profile.xml +++ b/RHEL6/input/checks/accounts_umask_etc_profile.xml @@ -22,9 +22,9 @@ <ind:state state_ref="state_accounts_umask_etc_profile" /> </ind:textfilecontent54_test> <ind:textfilecontent54_state id="state_accounts_umask_etc_profile" version="1">
- <ind:subexpression operation="equals" var_check="all" var_ref="var_accounts_umask_etc_profile" />
- <ind:subexpression operation="equals" var_check="all" var_ref="var_accounts_user_umask" /> </ind:textfilecontent54_state>
<external_variable comment="user umask" datatype="string" id="var_accounts_umask_etc_profile" version="1" />
<external_variable comment="user umask" datatype="string" id="var_accounts_user_umask" version="1" /> <ind:textfilecontent54_object id="obj_accounts_umask_etc_profile" version="1"> <ind:path>/etc</ind:path>
diff --git a/RHEL6/input/checks/accounts_umask_login_defs.xml b/RHEL6/input/checks/accounts_umask_login_defs.xml index bb77059..8e19cbf 100644 --- a/RHEL6/input/checks/accounts_umask_login_defs.xml +++ b/RHEL6/input/checks/accounts_umask_login_defs.xml @@ -20,9 +20,9 @@ <ind:state state_ref="state_accounts_umask_login_defs" /> </ind:textfilecontent54_test> <ind:textfilecontent54_state id="state_accounts_umask_login_defs" version="1">
- <ind:subexpression operation="equals" var_check="all" var_ref="var_accounts_umask_login_defs" />
- <ind:subexpression operation="equals" var_check="all" var_ref="var_accounts_user_umask" /> </ind:textfilecontent54_state>
<external_variable comment="user umask" datatype="string" id="var_accounts_umask_login_defs" version="1" />
<external_variable comment="user umask" datatype="string" id="var_accounts_user_umask" version="1" /> <ind:textfilecontent54_object id="obj_accounts_umask_login_defs" version="1"> <ind:path>/etc</ind:path> <ind:filename>login.defs</ind:filename>
Ack. The old variables aren't even declared in the XCCDF, must be a hold out from the RHEL5 OVAL.
scap-security-guide@lists.fedorahosted.org
-
Brian Millett -
Shawn Wells